Skip to content

Commit 5ffc829

Browse files
EmyrkEmyrk
committed
add ability to cancel audit log
1 parent ca1241b commit 5ffc829

File tree

2 files changed

+32
-11
lines changed

2 files changed

+32
-11
lines changed

coderd/audit/request.go

+14
Original file line numberDiff line numberDiff line change
@@ -267,6 +267,20 @@ func requireOrgID[T Auditable](ctx context.Context, id uuid.UUID, log slog.Logge
267267
return id
268268
}
269269

270+
// InitRequestWithCancel returns 2 functions. The first commits the audit log,
271+
// the second cancels any future calls to commit.
272+
func InitRequestWithCancel[T Auditable](w http.ResponseWriter, p *RequestParams) (aReq *Request[T], commit func(), cancel func()) {
273+
req, commit := InitRequest[T](w, p)
274+
canceled := false
275+
return req, func() {
276+
if !canceled {
277+
commit()
278+
}
279+
}, func() {
280+
canceled = true
281+
}
282+
}
283+
270284
// InitRequest initializes an audit log for a request. It returns a function
271285
// that should be deferred, causing the audit log to be committed when the
272286
// handler returns.

enterprise/coderd/scim.go

+18-11
Original file line numberDiff line numberDiff line change
@@ -272,12 +272,13 @@ func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) {
272272
}
273273

274274
auditor := *api.AGPL.Auditor.Load()
275-
aReq, commitAudit := audit.InitRequest[database.User](rw, &audit.RequestParams{
275+
aReq, commitAudit, cancelAudit := audit.InitRequestWithCancel[database.User](rw, &audit.RequestParams{
276276
Audit: auditor,
277277
Log: api.Logger,
278278
Request: r,
279279
Action: database.AuditActionWrite,
280280
})
281+
281282
defer commitAudit()
282283

283284
id := chi.URLParam(r, "id")
@@ -323,17 +324,23 @@ func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) {
323324
status = database.UserStatusSuspended
324325
}
325326

326-
//nolint:gocritic // needed for SCIM
327-
userNew, err := api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{
328-
ID: dbUser.ID,
329-
Status: status,
330-
UpdatedAt: dbtime.Now(),
331-
})
332-
if err != nil {
333-
_ = handlerutil.WriteError(rw, err)
334-
return
327+
if dbUser.Status != status {
328+
//nolint:gocritic // needed for SCIM
329+
userNew, err := api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{
330+
ID: dbUser.ID,
331+
Status: status,
332+
UpdatedAt: dbtime.Now(),
333+
})
334+
if err != nil {
335+
_ = handlerutil.WriteError(rw, err)
336+
return
337+
}
338+
dbUser = userNew
339+
} else {
340+
// Do not push an audit log if there is no change.
341+
cancelAudit()
335342
}
336-
aReq.New = userNew
337343

344+
aReq.New = dbUser
338345
httpapi.Write(ctx, rw, http.StatusOK, sUser)
339346
}

0 commit comments

Comments
 (0)